Technology Law Source

Monthly Archives: February 2011

False Marking Qui Tam Provision Found Unconstitutional

As has been widely reported, there has been an influx of false marking cases hitting the courts over the past year based on 34 U.S.C. Section 292, the False Marking Statute.  That statute, loosely translated, makes it an offense to mark a product or use in advertising a  patent number or the words "patent," "patent pending," or any other indication that a patent applies to a product when it in fact does not.  This includes situations in which a company for years correctly marked a product with a patent number, but then continued so marking the product after the expiration of the patent.  The statute states that a person responsible for such an offense shall be fined not more than $500 for every such offense. 

The statutory language also includes a somewhat uniquely simplistic qui tam provision providing that "Any person may sue for the penalty, in which event one-half shall go to the person suing and the other to the use of the United States."  While the qui tam provision of the False Marking Statute was enacted in 1952, the 2009 Forest Group , Inc. v. Bon Tool Company decision made the qui tam actions more financially lucrative—and set the groundwork for a cottage industry of false marking litigation—by holding that violators of the False Marking Statute face a $500 fine for each article improperly marked rather than a $500 fine for a single decision to improperly mark multiple articles. 

The February 23, 2011 decision in Unique

HHS imposes 7 Figure Fine for Breach of HIPAA; Soon to be the Norm?

In case you missed the OCR announcement late yesterday afternoon, the Department of Health and Human Services announced that it was imposing a civil money penalty of $4.3 million dollars against Cignet Health for various violations of HIPAA.   These penalties were based upon the violation categories and increased penalty amounts authorized by the HITECH Act; discussed further here.  The violations stemmed in part from Cignet’s failure to provide 41 patients access to their own medical records as required under 45 C.F.R. § 164.524.   In addition to the huge amount of the fine, according the HHS, this action marks the first civil money penalty issued by HHS for HIPAA Privacy Rule violations.  This action could indicate a renewed push by HHS to enforce violations of HIPAA and utilize its heightened penalty schedule and enhanced enforcement powers provided under the HITECH Act.  Could this be the new norm for HIPAA enforcement?  Only time will tell.…

Identity Fraud down 28% in 2010; Consumer Costs Up!


According to Javelin Strategy & Research’s 2011 Identity Fraud Survey Report, there was a 28% drop in the number of victims of identity fraud in 2010.  Additionally, the number of reported data breaches dropped significantly (404 reported breaches in 2010, down from 604 in 2009).  Finally, the report states that "only" 26 million records were reportedly exposed in 2010 compared to a whopping 221 million exposed in 2009.  James Van Dyke, president and founder of Javelin Strategy & Research, attributed (i) increased educational efforts by business, the financial services industry, and government agencies and (ii) "[e]conomic conditions" as contributing factors in the reduction in identity fraud over the past year.   


Not all metrics improved however. The report stated that the consumer out-of-pocket costs rose significantly from $387 in 2009 to $631 in 2010.  The reason for the out-of-pocket increase may be attributed to more "focused" attacks on individuals and an increase in, what the report refers to as, "friendly fraud."  What we don’t know is whether the fewer victims facing greater damages is solely the result of more effective, if less widespread, attacks, or if there are other factors at play.  What is also unknown is what caused the almost 10 fold drop in the number of records reportedly exposed in 2010.   Could this be due to more improved data security tools and practices, or an increased resistance by businesses to report breach events, especially in those instances where conclusively determining that a reportable breach occurred …

Attend Our Upcoming Complimentary Workshop – ” What Would YOU Do If Your Network is Hacked?”

Wednesday, February 16, 2011 11:30 a.m. – 1:30 p.m. Lunch will be provided. Capital Club – 41 South High Street, 7th Floor Columbus, Ohio

One needs only to visit a site such as to learn the extent data breach incidents occur. This workshop will help you learn how to respond to data breach intrusions, whether as a result of a lost laptop, criminal hacking, or other unauthorized access or use of information.

Featuring: Robert J. Morgan, Esq., Porter Wright Morris & Arthur LLP Jeremy A. Logsdon, Esq., Porter Wright Morris & Arthur LLP Donna M. Ruscitti, Esq., Chair, Porter Wright’s Information Privacy and Data Security Practice Group

This is a complimentary seminar, however seating is limited. To reserve your spot at this program, please e-mail Deb Ballard at before February 14.